Been going around in square circles here so any help and/or suggestions welcome!

Goal:

> encrypt my backup data on shared network server (shared via NFS or SSHFS)
> want the encrypted folder to be transparent to my local machine, i.e. work as a normal mounted NFS or SSHFS folder would.
>> This is so that I can keep using "backintime" as a backup tool. It does everything I need except encryption.
> The encrypted folder should be mounted automatically on login. E.g. same as encrypted private directory.
>> For unattended backups

Some notes
> My home directory is already encrypted, but I don't just want to copy over the encrypted files because then I won't have any useful versioning on them.
> Tried to use encfs and also Cryptkeeper. Using local folders works fine but when trying to set up the encrypted folder on the NFS share it fails.
> Running Ubuntu Lucid, 10.04
> I'd like to set this up on all clients on the local network to back up to the same local networked server which is also running Lucid 10.04.

Thanks in advance.

Cheers
Brendan

jefro

12-05-2011 05:33 PM

A normal encrypted folder is protected by some encryption scheme on the local computer. Same would go for that remote. It would be encrypted by the remote system.

brendan_p

12-07-2011 04:33 AM

Quote:

Originally Posted by jefro
(Post 4542944)

A normal encrypted folder is protected by some encryption scheme on the local computer. Same would go for that remote. It would be encrypted by the remote system.

Thanks for the info. But need a solution if it's possible to do.

Cheers
B

jschiwal

12-07-2011 06:23 AM

An "encrypted folder" is really a file, mounted using the loop device. So it has a file system when mounted and you can share the mount point via NFS. The files inside are not encrypted. Do you need help creating this file and preparing the file system? Some distros have a graphic tool to do this for you. If your backup server has a GUI partitioning tool, look there. It will create and prepare the file, as well as write the /etc/fstab entries for it. All that remains is to share the mount point.

To do this manually, you would use the "dd" command to create a large file; "losetup" to attach the file to a device; cryptsetup to prepare the encryption; and mkfs to create a file system on the encryption device. More steps to create it initially, then to use it. Using your system's partitioning tool would be easier.
Here is a how-to on passwordless encryption: http://wejn.org/how-to-make-password...ryptsetup.html
The key is located on a USB stick. To locate the key on your backup server would be pointless, defeating the purpose of encryption.
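
The manual steps listed in the post above (dd, losetup, cryptsetup, mkfs), written out as an added shell example that is not part of the original thread. The function name, the DRY_RUN switch, the paths and the mapping name are assumptions; the key file is expected to sit on removable media, as the post advises.

```shell
#!/bin/bash
# Added example: create and mount a LUKS-encrypted container file.
# Run as root. Set DRY_RUN=1 to print the commands without executing them.

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

make_container() {
    img=$1 size_mb=$2 name=$3 mnt=$4 key=$5

    # Never overwrite an existing container: that would destroy the backups in it.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 1
    fi

    # 1. dd: allocate the file that will hold the encrypted file system.
    run dd if=/dev/zero of="$img" bs=1M count="$size_mb" || return 1

    # 2. losetup: attach the file to the first free loop device.
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "losetup --find --show $img"
        loopdev=/dev/loopN      # placeholder, no device is allocated in dry-run
    else
        loopdev=$(losetup --find --show "$img") || return 1
    fi

    # 3. cryptsetup: write the LUKS header, then open the mapping.
    run cryptsetup --batch-mode --key-file "$key" luksFormat "$loopdev" || return 1
    run cryptsetup --key-file "$key" luksOpen "$loopdev" "$name" || return 1

    # 4. mkfs: create a file system on the decrypted mapping, then mount it.
    run mkfs.ext4 "/dev/mapper/$name" || return 1
    run mkdir -p "$mnt" || return 1
    run mount "/dev/mapper/$name" "$mnt"
}

# Usage (all five arguments are site-specific):
#   script.sh IMAGE SIZE_MB MAPPING_NAME MOUNTPOINT KEYFILE
if [ "$#" -eq 5 ]; then make_container "$@"; fi
```

Once mounted, the mount point holds ordinary unencrypted files and can be exported over NFS like any other directory.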